Get the latest security news in your inbox.

My whole career, I’ve always wanted to gear it towards information security. I’m always looking for ways to improve my skills in penetration testing. My hunger for knowledge and my odd craving for challenges that push me to my limits have remained insatiable. Proving something to me is important, as are establishing my InfoSec credentials. Those are probably a few of the top reasons I took the OSCP exam.

Offensive Security Certified Professional (OSCP) is a certification program that focuses on hands-on offensive information security skills. It consists of two parts: a nearly 24-hour pen testing exam, and a documentation report due 24 hours after it. OSCP is a very hands-on exam.

Before you can take the OSCP exam, you are required to take the Penetration Testing with Kali (PWK) course. Taking the course is mandatory for you to become eligible to take the OSCP. In addition to the knowledge you gain from the course, it opens doors to several career opportunities in information security. Of course, those who pass get bragging rights too.

If you ask OSCP-takers about the difficulty level of the exam, you will get varied answers but most people say that it's the most difficult exam they've taken in their lives. This is why it is critical to prepare well for it.

The PWK course doesn’t teach you everything, but the materials are enough to get you started. I cannot emphasize enough the importance of preparing prior to the course. Here’s a list of the things you need to learn to get prepared for OSCP:

Linux and Windows Environment - You need to be familiar with both. These will help you spot clues for privilege escalation. I’m a Windows guy and during the labs, I learned Linux the hard way.

Metasploit Framework – Brush up on creating payloads with different formats, using multi handlers, and using staged vs non-staged payloads. Knowing these things will save you some time during your exam.

Nmap - Different scanning techniques and Nmap NSE Scripts will help you a lot during your lab or exam.

Netcat and Ncat - You’ll be using these a lot during the OSCP.

Wireshark and tcpdump - Those are important because you’ll be using Wireshark to debug your exploit - or tcpdump, when machines don’t have a GUI.

Windows and Linux Privilege Escalation - Aside from using kernel exploits, brush up on misconfigurations like weak service/file permissions and NFS/Shares.

Hackthebox.eu - They have several Windows boxes so if you want to focus on Windows I highly suggest this.

I hope my suggestions will help you in your OSCP journey. If you want to know more about my experience, you can check out my blog for cheat sheets and methodologies I’ll be uploading it soon. If you have questions or need any help you can reach me via Twitter @blad3ism.

About the Author:Blade SorianoBlade Soriano is an Application Security Tester from the Philippines aspiring to be part of a Red Team. He passed his OSCP certification September, 2017.Twitter: @blad3ism
Blog: bladeism.com
Read more posts from Blade Soriano ›